Posted

In the meantime I ran Spyware Doctor, which found more than 500 assorted infections. I managed to restore regedit and clean everything EXCEPT 1!!!

After rebooting it started up again worse than ever.

I'm going to do what you asked!!

It's the boss's computer and I can't always get access to it.

To be continued, and thanks again for your help

Posted

Hello,

I did the mode 2 procedure

and I can't access the registry.

Report attached:

SmitFraudFix v2.222

 

Rapport fait à 11:19:16,10, 14/09/2007

Executé à partir de C:\Documents and Settings\boss\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.32.235.18 10.0.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.32.235.18 10.0.0.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: DhcpNameServer=10.32.235.18 10.0.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.32.235.18 10.0.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.32.235.18 10.0.0.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.32.235.18 10.0.0.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

Thanks

Posted (edited)

Hi :P

OK, SmitFraudFix no longer detects the infection.

That said, the malware has placed restrictions in the registry (hence the inability to open the registry).

Here's what you're going to do >

Right-click on this address > http://www.malekal.com/download/telecharge...dit_taskmgr.reg

Choose "Save link target as" to save the file Activer_regedit_taskmgr.reg to your desktop.

Once that's done, double-click it: when the message asks you to accept merging with the registry, accept!

After that, you should be able to open Regedit.

Your Hosts file is corrupted! It needs to be restored as follows >

- Download => Hoster by ToadBee and unzip it to your desktop:

  • A Hoster folder will be created on the desktop.
  • Open the folder and click the file Hoster.exe
  • Click "Restore Microsoft's Hosts File" >
  • Now quit the program.

- Do the Panda scan as described in my message no. 15 and post the report please

Also post a new HijackThis report and run SmitFraudFix again: just option 1 please :P

Edited by charles ingals
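The two findings the helper points at in this post, registry policies that lock the user out of regedit and Task Manager, and a Hosts file that redirects security-vendor domains, can be pulled out of a WinPFind3U-style log automatically. The script below is an added example, not code from the thread or from OldTimer's WinPFind3U; it works on a constructed log fragment (SAMPLE_LOG) shaped like the report posted further down, and the set of protected domain suffixes is an assumption drawn from that report.

```python
"""Triage of a WinPFind3U-style log: flag registry lockout policies and Hosts-file hijacks.
Added example, not code from the thread or from OldTimer's WinPFind3U; SAMPLE_LOG is a
constructed fragment shaped like the report posted further down in this thread."""
import ipaddress
import re

# Policy values that lock the user out of their own repair tools (real value names; non-zero = on).
LOCKOUT_POLICIES = {
    "DisableRegistryTools",  # regedit refused
    "DisableTaskMgr",        # Task Manager refused
    "NoControlPanel",        # Control Panel, and with it Add/Remove Programs, refused
    "NoWindowsUpdate",       # Windows Update refused
}

# Domain suffixes the posted Hosts file redirects: AV vendors, online scanners, Windows Update.
PROTECTED_SUFFIXES = (
    "symantec.com", "symantecliveupdate.com", "norton.com", "kaspersky-labs.com", "kaspersky.com",
    "kaspersky.ru", "kasperskylab.ru", "avp.com", "avp.ch", "avp.ru", "mcafee.com", "nai.com",
    "networkassociates.com", "sophos.com", "f-secure.com", "trendmicro.com", "pandasoftware.com",
    "grisoft.com", "ca.com", "my-etrust.com", "viruslist.com", "viruslist.ru", "virustotal.com",
    "jotti.org", "microsoft.com",
)

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

# Matches e.g.  HKEY_LOCAL_MACHINE\SOFTWARE\...\policies\system\\DisableRegistryTools -> 1 ->
POLICY_RE = re.compile(
    r"^(?P<hive>HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\.*\\policies\\"
    r"(?P<key>[^\\]+)\\\\(?P<name>[^\s\\]+) -> (?P<value>\d+) ->"
)
# Matches e.g.  192.168.200.3 liveupdate.symantec.com
HOSTS_RE = re.compile(r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>[A-Za-z0-9.-]+)")

# Constructed sample: one policy block and a short Hosts dump in WinPFind3U's layout.
SAMPLE_LOG = r"""
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
< HOSTS File > (3353 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
192.168.200.3 ad.doubleclick.net
192.168.200.3 liveupdate.symantec.com
192.168.200.3 windowsupdate.microsoft.com
0.0.0.0 ads.fastclick.net
192.168.200.3 www.virustotal.com -> ->
"""


def find_lockout_policies(lines):
    """Return (hive, value_name, value) for every enabled lockout policy in the log."""
    hits = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m and m["name"] in LOCKOUT_POLICIES and int(m["value"]) != 0:
            hits.append((HIVES[m["hive"]], m["name"], int(m["value"])))
    return hits


def is_protected(host):
    """True when host is, or is a subdomain of, one of the protected suffixes."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def find_hosts_hijacks(lines):
    """Return (ip, host) for protected domains mapped anywhere but loopback or 0.0.0.0."""
    hits = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m or not is_protected(m["host"]):
            continue
        try:
            addr = ipaddress.ip_address(m["ip"])
            benign = addr.is_loopback or addr.is_unspecified  # normal blocking entries
        except ValueError:  # malformed address: the line was rewritten, so still report it
            benign = False
        if not benign:
            hits.append((m["ip"], m["host"]))
    return hits


def triage(log_text):
    """Run both checks over a whole log and return the findings."""
    lines = log_text.splitlines()
    return {"lockout_policies": find_lockout_policies(lines),
            "hosts_hijacks": find_hosts_hijacks(lines)}


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for hive, name, value in findings["lockout_policies"]:
        print(f"lockout policy: {hive} {name} = {value}")
    for ip, host in findings["hosts_hijacks"]:
        print(f"hosts hijack:   {host} -> {ip}")
```

Ad-tracker entries such as ad.doubleclick.net are deliberately not reported: only redirections that cut the machine off from updates and scanners are flagged.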
Posted (edited)

It still denies me access to the registry. I manage to remove the 2 regedit keys with Vilma but no access to Add/Remove Programs.

I found xperhost and when I run it nothing special happens. Tough going!!

Edited by triton
Posted (edited)

Hoster by ToadBee is just for restoring the original Hosts file! You don't need another program for that.

Were you able to merge the file into the registry? Did the operation go normally?

Here's what the file you downloaded to your desktop should look like > (screenshot)

Is that the case?

If the file Activer_regedit_taskmgr.reg wasn't as shown, redo the procedure.

If you use Internet Explorer, right-click the address of the file given above and choose "Save Target As"

Do the Panda online scan and post the report.

Please run WinpFind3U again to see where you stand (run it with the same options as before)

Come on, hang in there :P

Edited by charles ingals
Posted (edited)

The file Activer_regedit_taskmgr.reg loaded fine, but I got the access denied message.

So I removed the keys with Vilma and assumed regedit was re-enabled.

Then I ran Hoster without seeing anything spectacular.

I see the infection is still there.

Can't access the uninstall module (for Java).

On top of that I no longer have internet access; I think I must have screwed something up with the hosts file.

I should add that the program you pointed me to for restoring the hosts file doesn't exist. So I took the first one in the list.

I'm posting from home

Is it possible to restore the hosts file?

Edited by triton
Posted

Re!

Sorry about the dead link :P To restore your original Hosts file with HostsXpert, the procedure is much the same >

Open the program (double-click it) and click the "Restore MS Hosts File" button

Please run WinpFind3U again and post the report so we can see.

Posted (edited)

Hello, we're starting the 3rd week!!

Report attached

 

WinPFind3 logfile created on: 17/09/2007 11:09:21

WinPFind3U by OldTimer - Version 1.0.41 Folder = C:\Documents and Settings\boss\Bureau\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 6.0.2900.2180)

 

510,09 Mb Total Physical Memory | 223,20 Mb Available Physical Memory | 43,76% Memory free

1,22 Gb Paging File | 0,32 Gb Available in Paging File | 26,59% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 229,76 Gb Total Space | 211,67 Gb Free Space | 92,13% Space Free

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

 

Computer Name: FRANCIS

Current User Name: boss

Logged in as Administrator.

Current Boot Mode: Normal

 

 

[Processes - Non-Microsoft Only]

aawtray.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 15:53:16 | Attr = ]

ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 75128 bytes | Modified Date = 28/07/2007 00:03:34 | Attr = ]

ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 243064 bytes | Modified Date = 28/07/2007 00:03:08 | Attr = ]

ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 132472 bytes | Modified Date = 28/07/2007 00:03:28 | Attr = ]

ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 345464 bytes | Modified Date = 28/07/2007 00:02:20 | Attr = ]

aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 16248 bytes | Modified Date = 27/07/2007 23:52:46 | Attr = ]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 04/08/2005 06:02:58 | Attr = ]

dex_ic-304v1.exe -> %UserAppData%\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE -> [Ver = | Size = 28771 bytes | Modified Date = 26/01/2004 18:58:48 | Attr = ]

dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 15/09/2004 03:01:00 | Attr = ]

dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 23/02/2005 18:19:56 | Attr = ]

gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/2005 23:48:34 | Attr = ]

hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/05/2004 15:18:56 | Attr = ]

hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 479232 bytes | Modified Date = 12/05/2005 00:33:52 | Attr = ]

hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 12/05/2005 00:40:38 | Attr = ]

hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 11/05/2005 23:23:26 | Attr = ]

hprblog.exe -> %ProgramFiles%\HP\Digital Imaging\Product Assistant\bin\hprblog.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 77824 bytes | Modified Date = 11/05/2005 23:16:22 | Attr = ]

hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29/09/2004 12:14:36 | Attr = ]

iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 139264 bytes | Modified Date = 25/04/2005 10:50:08 | Attr = ]

iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 86142 bytes | Modified Date = 25/04/2005 10:49:52 | Attr = ]

integr10.exe -> %SystemDrive%\Devis10\Integr10.exe -> GRAPHISOFT [Ver = 10.03.0017 | Size = 14725120 bytes | Modified Date = 04/11/2005 17:43:32 | Attr = ]

issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27/07/2004 18:50:18 | Attr = ]

jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 19/11/2003 19:48:14 | Attr = ]

qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01/09/2006 15:57:48 | Attr = ]

sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.8 | Size = 1063752 bytes | Modified Date = 14/08/2007 17:02:20 | Attr = ]

soffice.bin -> %ProgramFiles%\OpenOffice.org 2.2\program\soffice.bin -> OpenOffice.org [Ver = 1.09.9153 | Size = 2510848 bytes | Modified Date = 29/05/2007 15:48:16 | Attr = ]

soffice.exe -> %ProgramFiles%\OpenOffice.org 2.2\program\soffice.exe -> OpenOffice.org [Ver = 1.09.9153 | Size = 2359296 bytes | Modified Date = 29/05/2007 15:48:14 | Attr = ]

stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 23/03/2005 02:20:44 | Attr = ]

svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.1 | Size = 729416 bytes | Modified Date = 14/08/2007 17:02:22 | Attr = ]

swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.5 | Size = 1407816 bytes | Modified Date = 14/08/2007 17:02:28 | Attr = ]

tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 06/12/2004 03:05:00 | Attr = ]

w32mkde.exe -> %System32%\W32mkde.exe -> [Ver = | Size = 320512 bytes | Modified Date = 07/10/1996 22:22:04 | Attr = ]

winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.41.0 | Size = 322560 bytes | Modified Date = 31/08/2007 10:30:22 | Attr = ]

wlancfg.exe -> %SystemRoot%\wlancfg.exe -> Inventel [Ver = 3, 1, 0, 0 | Size = 1294336 bytes | Modified Date = 05/12/2003 19:50:10 | Attr = ]

wlanmonitor.exe -> %ProgramFiles%\802.11 Wireless LAN\WlanMonitor.exe -> ATMEL [Ver = 3, 3, 4, 52 | Size = 450560 bytes | Modified Date = 01/10/2003 15:27:44 | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 1 | Size = 566616 bytes | Modified Date = 27/08/2007 14:38:50 | Attr = ]

(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 16248 bytes | Modified Date = 27/07/2007 23:52:46 | Attr = ]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 04/08/2005 06:02:58 | Attr = ]

(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 132472 bytes | Modified Date = 28/07/2007 00:03:28 | Attr = ]

(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 243064 bytes | Modified Date = 28/07/2007 00:03:08 | Attr = ]

(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 345464 bytes | Modified Date = 28/07/2007 00:02:20 | Attr = ]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 05/08/2004 14:00:00 | Attr = ]

(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 86142 bytes | Modified Date = 25/04/2005 10:49:52 | Attr = ]

(Planificateur LiveUpdate automatique) Planificateur LiveUpdate automatique [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found

(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29/09/2004 12:14:36 | Attr = ]

(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.1 | Size = 729416 bytes | Modified Date = 14/08/2007 17:02:22 | Attr = ]

(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.5 | Size = 1407816 bytes | Modified Date = 14/08/2007 17:02:28 | Attr = ]

(Wlancfg) Service de lancement de WlanCfg [Win32_Own | Auto | Running] -> %SystemRoot%\wlancfg.exe -> Inventel [Ver = 3, 1, 0, 0 | Size = 1294336 bytes | Modified Date = 05/12/2003 19:50:10 | Attr = ]

 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/2005 23:48:34 | Attr = ]

AAWTray -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 15:53:16 | Attr = ]

avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 75128 bytes | Modified Date = 28/07/2007 00:03:34 | Attr = ]

dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 06/12/2004 03:05:00 | Attr = ]

DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 15/09/2004 03:01:00 | Attr = ]

DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 23/02/2005 18:19:56 | Attr = ]

HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/05/2004 15:18:56 | Attr = ]

IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 139264 bytes | Modified Date = 25/04/2005 10:50:08 | Attr = ]

ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 27/07/2004 18:50:42 | Attr = ]

ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27/07/2004 18:50:18 | Attr = ]

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01/09/2006 15:57:48 | Attr = ]

SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.8 | Size = 1063752 bytes | Modified Date = 14/08/2007 17:02:20 | Attr = ]

SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 23/03/2005 02:20:44 | Attr = ]

SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 19/11/2003 19:48:14 | Attr = ]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->

IMAIL -> Installed = 1 ->

MAPI -> Installed = 1 ->

MSFS -> Installed = 1 ->

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

DexStarter_IC-304V1 -> %UserAppData%\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat -> [Ver = | Size = 438 bytes | Modified Date = 22/06/2007 17:45:14 | Attr = ]

< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->

%AllUsersStartup%\Démarrage rapide du logiciel HP Image Zone.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 73728 bytes | Modified Date = 12/05/2005 00:49:24 | Attr = ]

%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 11/05/2005 23:23:26 | Attr = ]

< User Startup > -> C:\Documents and Settings\boss\Menu Démarrer\Programmes\Démarrage ->

%UserStartup%\Moniteur & Configuration.lnk -> %ProgramFiles%\802.11 Wireless LAN\WlanMonitor.exe -> ATMEL [Ver = 3, 3, 4, 52 | Size = 450560 bytes | Modified Date = 01/10/2003 15:27:44 | Attr = ]

%UserStartup%\OpenOffice.org 2.2.lnk -> %ProgramFiles%\OpenOffice.org 2.2\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 02/02/2007 17:54:56 | Attr = ]

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1 ->

< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->

< HOSTS File > (3353 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

 

< Internet Explorer Settings > -> ->

HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->

HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->

HKLM: Local Page -> C:\windows\system32\blank.htm ->

HKLM: Search Page -> http://www.google.com ->

HKLM: Start Page -> http://www.google.com ->

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKCU: Local Page -> C:\windows\system32\blank.htm ->

HKCU: Search Bar -> http://www.google.com/ie ->

HKCU: Search Page -> http://www.google.com ->

HKCU: Start Page -> http://www.google.com ->

HKCU: URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

HKCU: ProxyEnable -> 0 ->

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

msn.com [ - ] -> ->

< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->

{FE54FA40-D68C-11D2-98FA-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->

ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Console Java (Sun)] -> File not found

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [buttonText: Recherche] -> File not found

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->

E&xporter vers Microsoft Excel -> -> File not found

< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->

SV1 -> ->

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{4F24856B-E7B5-42FA-8898-F1B5156B6552} -> (ATMEL USB FastVNET (505A)) ->

{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558} -> (ATMEL USB FastVNET (505A)) ->

{FFA92BA0-7FD5-4866-B39D-58FC128F4843} -> (Intel® PRO/100 VE Network Connection) ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 12/05/2004 15:18:56 | Attr = ]

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

[Files/Folders - Created Within 30 days]

dnsbak.reg -> %SystemDrive%\dnsbak.reg -> [Ver = | Size = 7661 bytes | Created Date = 30/08/2007 15:41:56 | Attr = ]

fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 30/08/2007 15:41:40 | Attr = ]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534941696 bytes | Created Date = 02/01/1601 23:00:00 | Attr = HS]

repair.reg -> %SystemDrive%\repair.reg -> [Ver = | Size = 236 bytes | Created Date = 11/09/2007 13:09:53 | Attr = ]

WA7PV -> %SystemDrive%\WA7PV -> [Folder | Created Date = 28/08/2007 07:16:53 | Attr = HS]

$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 20/08/2007 02:02:18 | Attr = H ]

$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 03/09/2007 02:00:31 | Attr = H ]

$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 20/08/2007 02:02:27 | Attr = H ]

$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 20/08/2007 02:00:42 | Attr = H ]

$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Created Date = 20/08/2007 02:01:15 | Attr = H ]

$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Created Date = 20/08/2007 02:01:25 | Attr = H ]

$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 20/08/2007 02:02:23 | Attr = H ]

$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 20/08/2007 02:02:13 | Attr = H ]

$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 03/09/2007 02:01:05 | Attr = H ]

imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Created Date = 03/09/2007 02:00:37 | Attr = ]

pss -> %SystemRoot%\pss -> [Folder | Created Date = 29/08/2007 15:50:58 | Attr = ]

dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 11/09/2007 13:59:26 | Attr = ]

MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 118 bytes | Created Date = 14/09/2007 16:05:43 | Attr = ]

my360 Classic dir -> %System32%\my360 Classic dir -> [Folder | Created Date = 31/08/2007 16:53:25 | Attr = ]

my360 Classic.scr -> %System32%\my360 Classic.scr -> ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Created Date = 31/08/2007 16:53:25 | Attr = ]

my360 Psyche dir -> %System32%\my360 Psyche dir -> [Folder | Created Date = 31/08/2007 16:53:14 | Attr = ]

my360 Psyche.scr -> %System32%\my360 Psyche.scr -> ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Created Date = 31/08/2007 16:53:14 | Attr = ]

Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 11/09/2007 13:59:25 | Attr = ]

SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 11/09/2007 13:59:26 | Attr = ]

swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 11/09/2007 13:59:25 | Attr = ]

swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 11/09/2007 13:59:26 | Attr = ]

swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 11/09/2007 13:59:26 | Attr = ]

tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3412 bytes | Created Date = 29/08/2007 14:44:54 | Attr = ]

VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 11/09/2007 13:59:26 | Attr = ]

ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1032 built by: WinDDK | Size = 40264 bytes | Created Date = 29/08/2007 15:55:00 | Attr = ]

iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1020 | Size = 57672 bytes | Created Date = 29/08/2007 15:55:00 | Attr = ]

iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1021 | Size = 82248 bytes | Created Date = 29/08/2007 15:55:00 | Attr = ]

kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Created Date = 29/08/2007 15:55:00 | Attr = ]

HOSTS.bak -> %System32%\drivers\etc\HOSTS.bak -> [Ver = | Size = 692 bytes | Created Date = 14/09/2007 15:14:00 | Attr = ]

[Files/Folders - Modified Within 30 days]

boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 216 bytes | Modified Date = 14/09/2007 15:48:20 | Attr = RHS]

Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 14/09/2007 16:12:52 | Attr = H ]

Devis10 -> %SystemDrive%\Devis10 -> [Folder | Modified Date = 17/09/2007 11:09:08 | Attr = ]

dnsbak.reg -> %SystemDrive%\dnsbak.reg -> [Ver = | Size = 7661 bytes | Modified Date = 30/08/2007 16:41:58 | Attr = ]

Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 28/08/2007 14:11:22 | Attr = ]

fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 30/08/2007 16:44:16 | Attr = ]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534941696 bytes | Modified Date = 15/09/2007 09:03:28 | Attr = HS]

Program Files -> %ProgramFiles% -> [Folder | Modified Date = 14/09/2007 16:12:52 | Attr = R ]

RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 30/08/2007 16:36:58 | Attr = HS]

repair.reg -> %SystemDrive%\repair.reg -> [Ver = | Size = 236 bytes | Modified Date = 11/09/2007 14:05:46 | Attr = ]

WA7PV -> %SystemDrive%\WA7PV -> [Folder | Modified Date = 28/08/2007 08:16:54 | Attr = HS]

WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 15/09/2007 09:03:50 | Attr = ]

$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 29/08/2007 13:00:58 | Attr = H ]

$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 20/08/2007 03:02:20 | Attr = H ]

$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 03/09/2007 03:00:34 | Attr = H ]

$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 20/08/2007 03:02:28 | Attr = H ]

$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Modified Date = 20/08/2007 03:00:46 | Attr = H ]

$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Modified Date = 20/08/2007 03:01:18 | Attr = H ]

$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Modified Date = 20/08/2007 03:01:26 | Attr = H ]

$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 20/08/2007 03:02:24 | Attr = H ]

$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 20/08/2007 03:02:14 | Attr = H ]

$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Modified Date = 03/09/2007 03:01:08 | Attr = H ]

bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 15/09/2007 09:03:30 | Attr = S]

Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 29/08/2007 16:00:42 | Attr = ]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 11/09/2007 14:15:24 | Attr = S]

Help -> %SystemRoot%\Help -> [Folder | Modified Date = 21/08/2007 22:38:08 | Attr = ]

imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 03/09/2007 03:00:40 | Attr = ]

inf -> %SystemRoot%\inf -> [Folder | Modified Date = 03/09/2007 03:01:10 | Attr = H ]

Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 14/09/2007 16:12:54 | Attr = HS]

Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 29/08/2007 16:00:42 | Attr = ]

MKDEWE.TRN -> %SystemRoot%\MKDEWE.TRN -> [Ver = | Size = 3072 bytes | Modified Date = 17/09/2007 08:16:46 | Attr = ]

Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 17/09/2007 06:32:24 | Attr = ]

pss -> %SystemRoot%\pss -> [Folder | Modified Date = 29/08/2007 16:52:08 | Attr = ]

system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 243 bytes | Modified Date = 14/09/2007 15:48:20 | Attr = ]

system32 -> %System32% -> [Folder | Modified Date = 14/09/2007 17:05:44 | Attr = ]

Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 17/09/2007 09:16:42 | Attr = ]

win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 816 bytes | Modified Date = 14/09/2007 15:48:20 | Attr = ]

WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 20/08/2007 03:01:04 | Attr = ]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 14/09/2007 10:23:04 | Attr = ]

HPpromotions journeysoftware.job -> %SystemRoot%\tasks\HPpromotions journeysoftware.job -> [Ver = | Size = 364 bytes | Modified Date = 17/09/2007 08:00:02 | Attr = ]

SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 15/09/2007 09:03:34 | Attr = H ]

CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/09/2007 14:15:24 | Attr = ]

CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3121 bytes | Modified Date = 28/08/2007 14:27:04 | Attr = ]

dllcache -> %System32%\dllcache -> [Folder | Modified Date = 03/09/2007 03:01:08 | Attr = RHS]

drivers -> %System32%\drivers -> [Folder | Modified Date = 15/09/2007 09:03:52 | Attr = ]

MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 118 bytes | Modified Date = 14/09/2007 17:05:44 | Attr = ]

my360 Classic dir -> %System32%\my360 Classic dir -> [Folder | Modified Date = 31/08/2007 18:43:04 | Attr = ]

my360 Classic.scr -> %System32%\my360 Classic.scr -> ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Modified Date = 31/08/2007 17:53:26 | Attr = ]

my360 Psyche dir -> %System32%\my360 Psyche dir -> [Folder | Modified Date = 31/08/2007 17:53:16 | Attr = ]

my360 Psyche.scr -> %System32%\my360 Psyche.scr -> ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Modified Date = 31/08/2007 17:53:16 | Attr = ]

perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 53436 bytes | Modified Date = 29/08/2007 16:56:08 | Attr = ]

perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 64484 bytes | Modified Date = 29/08/2007 16:56:08 | Attr = ]

perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 381692 bytes | Modified Date = 29/08/2007 16:56:08 | Attr = ]

perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 446566 bytes | Modified Date = 29/08/2007 16:56:08 | Attr = ]

PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 956504 bytes | Modified Date = 29/08/2007 16:56:08 | Attr = ]

tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3412 bytes | Modified Date = 14/09/2007 15:45:30 | Attr = ]

VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 06/09/2007 00:22:24 | Attr = ]

wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 15/09/2007 09:04:48 | Attr = ]

etc -> %System32%\drivers\etc -> [Folder | Modified Date = 14/09/2007 16:14:02 | Attr = ]

HOSTS.bak -> %System32%\drivers\etc\HOSTS.bak -> [Ver = | Size = 692 bytes | Modified Date = 14/09/2007 16:05:42 | Attr = ]

HOSTS.ehm -> %System32%\drivers\etc\HOSTS.ehm -> [Ver = | Size = 614488 bytes | Modified Date = 14/09/2007 16:14:02 | Attr = ]

[File String Scan - Non-Microsoft Only]

UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 783224 bytes | Modified Date = 28/07/2007 00:07:22 | Attr = ]

PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 05/08/2004 14:00:00 | Attr = ]

aspack , -> %System32%\my360 Classic.scr -> ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Modified Date = 31/08/2007 17:53:26 | Attr = ]

aspack , -> %System32%\my360 Psyche.scr -> ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Modified Date = 31/08/2007 17:53:16 | Attr = ]

UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ]

UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 19:43:54 | Attr = ]

UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 10:36:06 | Attr = ]

UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 06:20:34 | Attr = ]

UPX! , UPX0 , -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 06/09/2007 00:22:24 | Attr = ]

winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 05/08/2004 14:00:00 | Attr = ]

Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 14/01/2005 15:09:24 | Attr = ]

Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 5.0.115.0 | Size = 426848 bytes | Modified Date = 08/04/2004 13:50:04 | Attr = ]

qoologic , PTech , SAHAgent , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\HOSTS.ehm -> [Ver = | Size = 614488 bytes | Modified Date = 14/09/2007 16:14:02 | Attr = ]

< End of report >

What's more, regedit is still disabled and it is impossible to uninstall anything!

thanks

Edited by triton
Posted

hi

Yes, it's true that the disinfection is dragging on, sorry :P

OK, the last report is good; that said, we need to get rid of the restrictions.

1) Please go to this page to download the file kill.reg > http://www.sendspace.com/file/dbl115

To do so, click the link at the bottom of the page > Download Link: kill.reg. Do not run it yet!

2) Restart the PC, and it must be in Safe Mode.

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly > tap the [F8] and [F5] keys alternately until the Windows Advanced Options menu is displayed.

Select "Safe Mode" and press [Enter].

Choose your usual account, not Administrator.

3) Double-click the kill.reg file and accept merging it into the registry.

4) Restart the PC normally and try again to open the Control Panel and the registry.

As already asked: run the Panda online scan!! Please post the generated report.

See above for the instructions :P

Posted

I wasn't complaining about the third week, it was a touch of humour!

I'll keep you posted on what happens next, and thank you again for your help.

It's not easy because we are constantly in production and I can't always use this machine.
